Date: Mon, 24 Sep 2001 22:23:03 -0400
From: Bill Moran <wmoran@iowna.com>
To: cyu0635@home.com
Cc: Odhiambo Washington <wash@wananchi.com>, "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: chmod
Message-ID: <01092422230301.01139@proxy.the-i-pa.com>
In-Reply-To: <3BAFE35F.543E141A@home.com>
References: <3BAE9A01.CC7F8176@home.com> <20010924144445.F75389@ns2.wananchi.com> <3BAFE35F.543E141A@home.com>
On Monday 24 September 2001 21:52, cyu0635@home.com wrote:
> Hi
>
> Is it any security problem? Please teach me.

Some examples: imagine a binary called "erase" that unlinks files. If the owner of this binary is root and the setuid bit is turned on in the permissions, then any user that executes this program will have root permissions while running the "erase" program. Thus, they would be able to unlink any file, since root has that kind of power.

The same binary, without setuid set, will run with the permissions of the user running it. This would prevent them from unlinking files that they don't have permissions to.

setuid is normally used by system binaries that need special permissions to access certain parts of the system. For example, in order for a user to change his/her password, they need to edit the password database in /etc. This file is writable only by root, however, so the "passwd" program must be setuid root in order to effectively change anyone's password.

When you have programs that are setuid root, the potential for security problems is much higher. Imagine if the "passwd" program had a bug in it so that you could delete files using it in a strange way. Since it's setuid root, exploiting this bug would allow a cracker to delete any file on the system. Other binaries on the system might have similar bugs, but if they are not setuid root, they can still only do as much damage as the user has permission to - which isn't very much for most users.

Hope that helps.

> > > | > What is the meaning of the figure '4'?
> > > | >
> > > | >
> > > | > chmod 4755 /usr/sbin/sendmail
> > > | >
> > > | > Many tks

-- 
Bill Moran
Potential Technology technical services
(412) 793-4257
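The reply above explains what the leading "4" in `chmod 4755` means and why setuid-root binaries deserve extra scrutiny. The following POSIX shell script is an added example, not part of the original thread or of FreeBSD: it decodes the special-bit digit of an octal mode, applies `chmod 4755` to a scratch file (named `erase` after the example in the reply) to show how `ls -l` displays the setuid bit, and runs the `find -perm -4000` check an administrator uses to audit a directory for setuid files. The function and file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): decode and verify the setuid bit.

# has_setuid MODE
# Prints "yes" when the setuid bit (octal 4000) is set in a mode such as 4755.
# The leading digit of a four-digit mode holds the special bits:
#   4 = setuid, 2 = setgid, 1 = sticky; so 4755 = setuid + rwxr-xr-x.
has_setuid() {
    # A leading 0 makes the shell's arithmetic treat the number as octal.
    if [ $(( 0$1 & 04000 )) -ne 0 ]; then echo yes; else echo no; fi
}

# file_mode_char FILE
# Prints the owner-execute column of "ls -l": "s" = setuid and executable,
# "S" = setuid without execute permission, "x" = executable without setuid.
file_mode_char() {
    ls -ld "$1" | cut -c4
}

# list_setuid DIR
# Lists regular files under DIR with the setuid bit set. "-perm -4000"
# matches files that have at least that bit and works on GNU and BSD find;
# this is the audit an administrator runs to inventory setuid binaries.
list_setuid() {
    find "$1" -type f -perm -4000
}

# demo: scratch directory with one setuid file and one plain file
# (constructed sample, not real system binaries)
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/erase"       # stands in for the "erase" binary in the reply
    : > "$dir/plain"
    chmod 4755 "$dir/erase"
    chmod 0755 "$dir/plain"
    echo "4755 has setuid: $(has_setuid 4755)"   # yes
    echo "0755 has setuid: $(has_setuid 0755)"   # no
    echo "erase mode char: $(file_mode_char "$dir/erase")"   # s
    echo "plain mode char: $(file_mode_char "$dir/plain")"   # x
    echo "setuid files found:"
    list_setuid "$dir"                           # only .../erase
    rm -rf "$dir"
}

demo
```

Running `list_setuid /usr/bin` (or `/usr/sbin`, where the thread's `sendmail` lives) on a real host prints the setuid binaries present there; comparing that list against a known-good baseline is a cheap way to notice a new or unexpected setuid-root program.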